From c4d78e54bc719f42c4f1e25329bb288bf9524cf1 Mon Sep 17 00:00:00 2001
From: Hendrik <hendrik.huang@student.uva.nl>
Date: Thu, 19 Jan 2017 11:08:45 +0100
Subject: [PATCH 01/19] fixed form with get, fix accompanying css

---
 website/public/styles/adminpanel.css |  8 +++---
 website/views/adminpanel.php         | 42 +++++++++++++---------------
 2 files changed, 23 insertions(+), 27 deletions(-)

diff --git a/website/public/styles/adminpanel.css b/website/public/styles/adminpanel.css
index d5b740e..e684714 100644
--- a/website/public/styles/adminpanel.css
+++ b/website/public/styles/adminpanel.css
@@ -22,6 +22,10 @@
     box-shadow: 0 1px 3px rgba(0,0,0,0.12), 0 1px 2px rgba(0,0,0,0.24);
 }
 
+.admin-searchform {
+    display: inline-block;
+}
+
 .admin-searchbar {
     display: inline-block;
     margin: 10px;
@@ -44,10 +48,6 @@
     width: 120px;
 }
 
-.admin-groupfilter {
-    display: none;
-}
-
 .admin-users {
     margin: 10px;
 }
diff --git a/website/views/adminpanel.php b/website/views/adminpanel.php
index 5a3ba97..ea9cea6 100644
--- a/website/views/adminpanel.php
+++ b/website/views/adminpanel.php
@@ -43,23 +43,24 @@ $listnr = 0; // TODO: add page functionality
 $status = $groupstatus = array();
 $pagetype = "user";
 
+if (!empty($_GET["search"])) {
+    $search = test_input($_GET["search"]);
+}
+
+if (!empty($_GET["pagetype"])) {
+    $pagetype = test_input($_GET["pagetype"]);
+}
+
+if (!empty($_GET["status"])) {
+    $status = $_GET["status"];
+}
+
+if (!empty($_GET["groupstatus"])) {
+    $groupstatus = $_GET["groupstatus"];
+}
+
+
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
-    if (!empty($_POST["search"])) {
-        $search = test_input($_POST["search"]);
-    }
-
-    if (!empty($_POST["pagetype"])) {
-        $pagetype = test_input($_POST["pagetype"]);
-    }
-
-    if (!empty($_POST["status"])) {
-        $status = $_POST["status"];
-    }
-
-    if (!empty($_POST["groupstatus"])) {
-        $groupstatus = $_POST["groupstatus"];
-    }
-
     if (!empty($_POST["actions"]) && !empty($_POST["userID"])) {
         changeUserStatusByID($db, $_POST["userID"], $_POST["actions"]);
     } elseif (!empty($_POST["actions"]) && !empty($_POST["groupID"])) {
@@ -81,13 +82,10 @@ function test_input($data) {
         <div class="admin-title">
             <h1>User Management Panel</h1>
         </div> <br>
-        <form class="admin-actionform"
-              action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"
-              method="post">
         <div class="admin-options">
             <form class="admin-searchform"
                   action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"
-                  method="post">
+                  method="get">
                 <div class="admin-searchbar">
                     <h2>Search</h2>
                     <input type="text"
@@ -190,7 +188,7 @@ function test_input($data) {
                             $username = $user['username'];
                             $role = $user['role'];
                             $bancomment = $user['bancomment'];
-                            $thispage = htmlspecialchars($_SERVER['PHP_SELF']);
+                            $thispage = htmlspecialchars(basename($_SERVER['REQUEST_URI']));
 
                             echo("
                             <tr>
@@ -256,9 +254,7 @@ function test_input($data) {
                     ?>
                 </table>
             </div>
-        </form>
         <pre>
-            <?php print_r($_POST); ?>
         </pre>
     </div>
 </div>

From 4c9223cba2b2f7bb835d64e3b1dd5078d22267a8 Mon Sep 17 00:00:00 2001
From: Hendrik <hendrik.huang@student.uva.nl>
Date: Thu, 19 Jan 2017 12:57:10 +0100
Subject: [PATCH 02/19] add user and group batch change

---
 website/public/styles/adminpanel.css |  2 +-
 website/queries/group_page.php       | 16 ++++++
 website/queries/user.php             | 16 ++++++
 website/views/adminpanel.php         | 80 +++++++++++++++++++++-------
 4 files changed, 94 insertions(+), 20 deletions(-)

diff --git a/website/public/styles/adminpanel.css b/website/public/styles/adminpanel.css
index e684714..85921b7 100644
--- a/website/public/styles/adminpanel.css
+++ b/website/public/styles/adminpanel.css
@@ -13,7 +13,7 @@
     height: auto;
 }
 
-.admin-actions {
+.admin-batchactions, .admin-groupbatchactions {
     display: inline-block;
     padding: 8px;
     vertical-align: top;
diff --git a/website/queries/group_page.php b/website/queries/group_page.php
index c6db01b..e0c8f17 100644
--- a/website/queries/group_page.php
+++ b/website/queries/group_page.php
@@ -94,6 +94,22 @@ function changeGroupStatusByID($db, $id, $status) {
 }
 
 
+function changeMultipleGroupStatusByID($db, $ids, $status) {
+    $q = $db->prepare("
+    UPDATE
+        `group_page`
+    SET
+        `status` = :status
+    WHERE
+        FIND_IN_SET (`groupID`, :ids)
+    ");
+
+    $ids = implode(',', $ids);
+    $q->bindParam(':ids', $ids);
+    $q->bindParam(':status', $status);
+    $q->execute();
+    return $q;
+}
 
 
 ?>
diff --git a/website/queries/user.php b/website/queries/user.php
index bfd9579..d0d81bd 100644
--- a/website/queries/user.php
+++ b/website/queries/user.php
@@ -82,5 +82,21 @@ function changeUserStatusByID($db, $id, $status) {
     return $q;
 }
 
+function changeMultipleUserStatusByID($db, $ids, $status) {
+    $q = $db->prepare("
+    UPDATE
+        `user`
+    SET
+        `role` = :status
+    WHERE
+        FIND_IN_SET (`userID`, :ids)
+    ");
+
+    $ids = implode(',', $ids);
+    $q->bindParam(':ids', $ids);
+    $q->bindParam(':status', $status);
+    $q->execute();
+    return $q;
+}
 
 ?>
diff --git a/website/views/adminpanel.php b/website/views/adminpanel.php
index ea9cea6..8b0990c 100644
--- a/website/views/adminpanel.php
+++ b/website/views/adminpanel.php
@@ -9,7 +9,7 @@
     };
 
     function checkAll(allbox) {
-        var checkboxes = document.getElementsByName('checkbox-user[]');
+        var checkboxes = document.getElementsByClassName('checkbox-list');
 
         for (var i = 0; i < checkboxes.length; i++) {
             if (checkboxes[i].type == 'checkbox') {
@@ -22,9 +22,15 @@
         if (document.getElementById('group').checked) {
             document.getElementById('admin-filter').style.display = 'none';
             document.getElementById('admin-groupfilter').style.display = 'inline-block';
+
+            document.getElementById('admin-batchactions').style.display = 'none';
+            document.getElementById('admin-groupbatchactions').style.display = 'inline-block';
         } else {
             document.getElementById('admin-filter').style.display = 'inline-block';
             document.getElementById('admin-groupfilter').style.display = 'none';
+
+            document.getElementById('admin-batchactions').style.display = 'inline-block';
+            document.getElementById('admin-groupbatchactions').style.display = 'none';
         }
     }
 
@@ -43,30 +49,40 @@ $listnr = 0; // TODO: add page functionality
 $status = $groupstatus = array();
 $pagetype = "user";
 
-if (!empty($_GET["search"])) {
+if (isset($_GET["search"])) {
     $search = test_input($_GET["search"]);
 }
 
-if (!empty($_GET["pagetype"])) {
+if (isset($_GET["pagetype"])) {
     $pagetype = test_input($_GET["pagetype"]);
 }
 
-if (!empty($_GET["status"])) {
+if (isset($_GET["status"])) {
     $status = $_GET["status"];
 }
 
-if (!empty($_GET["groupstatus"])) {
+if (isset($_GET["groupstatus"])) {
     $groupstatus = $_GET["groupstatus"];
 }
 
 
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
-    if (!empty($_POST["actions"]) && !empty($_POST["userID"])) {
+    if (isset($_POST["actions"]) && isset($_POST["userID"])) {
         changeUserStatusByID($db, $_POST["userID"], $_POST["actions"]);
-    } elseif (!empty($_POST["actions"]) && !empty($_POST["groupID"])) {
+    }
+
+    if (isset($_POST["actions"]) && isset($_POST["groupID"])) {
         changeGroupStatusByID($db, $_POST["groupID"], $_POST["actions"]);
     }
 
+    if (isset($_POST["batchactions"]) && isset($_POST["checkbox-user"])) {
+        changeMultipleUserStatusByID($db, $_POST["checkbox-user"], $_POST["batchactions"]);
+    }
+
+    if (isset($_POST["groupbatchactions"]) && isset($_POST["checkbox-group"])) {
+        changeMultipleGroupStatusByID($db, $_POST["checkbox-group"], $_POST["groupbatchactions"]);
+    }
+
 }
 
 function test_input($data) {
@@ -145,15 +161,36 @@ function test_input($data) {
                 </div>
             </form>
 
-                <div class="admin-actions">
+                <div class="admin-batchactions" id="admin-batchactions">
                     <h2>Batch Actions: </h2>
-                    <input type="radio" name="actions" id="freeze" value="freeze">
-                    <label for="freeze">Freeze</label><br>
-                    <input type="radio" name="actions" id="ban" value="ban">
-                    <label for="ban">Ban</label><br>
-                    <input type="radio" name="actions" id="restore" value="restore">
-                    <label for="restore">Restore</label><br><br>
-                    <input type="submit" value="Confirm">
+                    <form class="admin-batchform"
+                          id="admin-batchform"
+                          action="<?php htmlspecialchars(basename($_SERVER['REQUEST_URI'])) ?>"
+                          method="post">
+                        <input type="radio" name="batchactions" id="freeze" value="2">
+                        <label for="freeze">Freeze</label><br>
+                        <input type="radio" name="batchactions" id="ban" value="3">
+                        <label for="ban">Ban</label><br>
+                        <input type="radio" name="batchactions" id="restore" value="1">
+                        <label for="restore">Restore</label><br><br>
+                        <input type="submit" value="Confirm">
+                    </form>
+                </div>
+
+                <div class="admin-groupbatchactions" id="admin-groupbatchactions">
+                    <h2>Batch Actions: </h2>
+                    <form class="admin-groupbatchform"
+                          id="admin-groupbatchform"
+                          action="<?php htmlspecialchars(basename($_SERVER['REQUEST_URI'])) ?>"
+                          method="post">
+                        <input type="radio" name="groupbatchactions" id="hide" value="0">
+                        <label for="hide">Hide</label><br>
+                        <input type="radio" name="groupbatchactions" id="public" value="1">
+                        <label for="public">Public</label><br>
+                        <input type="radio" name="groupbatchactions" id="membersonly" value="2">
+                        <label for="membersonly">Member</label><br><br>
+                        <input type="submit" value="Confirm">
+                    </form>
                 </div>
             </div>
             <br>
@@ -194,7 +231,9 @@ function test_input($data) {
                             <tr>
                             <td><input type='checkbox'
                             name='checkbox-user[]'
-                            value='$userID'>
+                            class='checkbox-list'
+                            value='$userID'
+                            form='admin-batchform'>
                             </td>
                             <td>$username</td>
                             <td>$role</td>
@@ -223,13 +262,15 @@ function test_input($data) {
                             $name = $group['name'];
                             $role = $group['status'];
                             $description = $group['description'];
-                            $thispage = htmlspecialchars($_SERVER['PHP_SELF']);
+                            $thispage = htmlspecialchars(basename($_SERVER['REQUEST_URI']));
 
                             echo("
                             <tr>
                             <td><input type='checkbox'
                             name='checkbox-group[]'
-                            value='$groupID'>
+                            class='checkbox-list'
+                            value='$groupID'
+                            form='admin-groupbatchform'>
                             </td>
                             <td>$name</td>
                             <td>$role</td>
@@ -241,7 +282,7 @@ function test_input($data) {
                             <select class='action' name='actions'>
                             <option value='0'>Hide</option>
                             <option value='1'>Public</option>
-                            <option value='2'>Members-only</option>
+                            <option value='2'>Members</option>
                             </select>
                             <input type='hidden' name='groupID' value='$groupID'>
                             <input type='submit' value='Confirm'>
@@ -255,6 +296,7 @@ function test_input($data) {
                 </table>
             </div>
         <pre>
+            <?php print_r($_POST); ?>
         </pre>
     </div>
 </div>

From 1640d38baac03a31d8272461a96b287ba17655ca Mon Sep 17 00:00:00 2001
From: Hendrik <hendrik.huang@student.uva.nl>
Date: Thu, 19 Jan 2017 16:29:38 +0100
Subject: [PATCH 03/19] add user page functionality

---
 website/queries/user.php     | 51 ++++++++++++++++++++++++++++
 website/views/adminpanel.php | 65 +++++++++++++++++++++++++++++++-----
 2 files changed, 107 insertions(+), 9 deletions(-)

diff --git a/website/queries/user.php b/website/queries/user.php
index d0d81bd..9b05511 100644
--- a/website/queries/user.php
+++ b/website/queries/user.php
@@ -69,6 +69,57 @@ function search20UsersFromNByStatus($db, $n, $keyword, $status) {
     return $q;
 }
 
+function searchSomeUsersByStatus($db, $n, $m, $keyword, $status) {
+    $q = $db->prepare("
+    SELECT
+        `userID`,
+        `username`,
+        `role`,
+        `bancomment`
+    FROM
+        `user`
+    WHERE
+        `username` LIKE :keyword AND
+        FIND_IN_SET (`role`, :statuses)
+    ORDER BY
+        `role`,
+        `username`
+    LIMIT
+        :n, :m
+    ");
+
+    $keyword = "%$keyword%";
+    $q->bindParam(':keyword', $keyword);
+    $q->bindParam(':n', $n, PDO::PARAM_INT);
+    $q->bindParam(':m', $m, PDO::PARAM_INT);
+    $statuses = implode(',', $status);
+    $q->bindParam(':statuses', $statuses);
+    $q->execute();
+    return $q;
+}
+
+function countSomeUsersByStatus($db, $keyword, $status) {
+    $q = $db->prepare("
+    SELECT
+        COUNT(*)
+    FROM
+        `user`
+    WHERE
+        `username` LIKE :keyword AND
+        FIND_IN_SET (`role`, :statuses)
+    ORDER BY
+        `role`,
+        `username`
+    ");
+
+    $keyword = "%$keyword%";
+    $q->bindParam(':keyword', $keyword);
+    $statuses = implode(',', $status);
+    $q->bindParam(':statuses', $statuses);
+    $q->execute();
+    return $q;
+}
+
 function changeUserStatusByID($db, $id, $status) {
     $q = $db->query("
     UPDATE
diff --git a/website/views/adminpanel.php b/website/views/adminpanel.php
index 8b0990c..637bf56 100644
--- a/website/views/adminpanel.php
+++ b/website/views/adminpanel.php
@@ -18,6 +18,23 @@
         }
     }
 
+    function checkCheckAll(allbox) {
+        var checkboxes = document.getElementsByClassName('checkbox-list');
+        var checked = true;
+
+        for (var i = 0; i < checkboxes.length; i++) {
+            if (checkboxes[i].type == 'checkbox') {
+                if (checkboxes[i].checked == false) {
+                    checked = false;
+                    break;
+                }
+            }
+        }
+
+        document.write(checked);
+        allbox.checked = checked;
+    }
+
     function changeFilter() {
         if (document.getElementById('group').checked) {
             document.getElementById('admin-filter').style.display = 'none';
@@ -45,7 +62,10 @@
 <!-- function test_input taken from http://www.w3schools.com/php/php_form_validation.asp -->
 <?php
 $search = "";
-$listnr = 0; // TODO: add page functionality
+$listn = 0; // TODO: add page functionality
+$listm = 20;
+$currentpage = 1;
+$perpage = 20;
 $status = $groupstatus = array();
 $pagetype = "user";
 
@@ -83,6 +103,10 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
         changeMultipleGroupStatusByID($db, $_POST["checkbox-group"], $_POST["groupbatchactions"]);
     }
 
+    if (isset($_POST["pageselect"])) {
+        $currentpage = $_POST["pageselect"];
+    }
+
 }
 
 function test_input($data) {
@@ -199,15 +223,37 @@ function test_input($data) {
                 <h2 class="usertitle">Users:</h2>
 
                 <div class="admin-userpage">
+                    <p class="pagenumber">Showing results
+                    <?php $pages = countSomeUsersByStatus($db, $search, $status);
+                    $countresults = $pages->fetchColumn();
+                    $mincount = min($listm, $countresults);
+                    echo "$listn to $mincount out of $countresults"; ?></p><br>
                     <input type="submit" name="prev" value="prev">
-                    1 / 1
+                    <form class="admin-pageselector"
+                          action="<?php htmlspecialchars(basename($_SERVER['REQUEST_URI'])) ?>"
+                          method="post">
+                          <select class="admin-pageselect"
+                                  name="pageselect"
+                                  onchange="this.form.submit()"
+                                  value="">
+                              <?php
+                              for ($i=1; $i <= $countresults / $perpage + 1; $i++) {
+                                  if ($currentpage == $i) {
+                                      echo "<option value='$i' selected>$i</option>";
+                                  } else {
+                                      echo "<option value='$i'>$i</option>";
+                                  }
+                              }
+                              ?>
+                          </select>
+                    </form>
                     <input type="submit" name="next" value="next">
                 </div> <br>
 
                 <table class="usertable">
                     <tr>
                         <th class="table-checkbox">
-                            <input type="checkbox" name="checkall" onchange="checkAll(this)">
+                            <input type="checkbox" id="checkall" name="checkall" onchange="checkAll(this)">
                         </th>
                         <th class="table-username">User</th>
                         <th class="table-status">Status</th>
@@ -217,8 +263,11 @@ function test_input($data) {
 
                     <!-- Table construction via php PDO. -->
                     <?php
+                    $listn = ($currentpage-1) * 20;
+                    $listm = $currentpage * 20;
+
                     if ($pagetype == 'user') {
-                        $q = search20UsersFromNByStatus($db, $listnr, $search, $status);
+                        $q = searchSomeUsersByStatus($db, $listn, $listm, $search, $status);
 
                         while($user = $q->fetch(PDO::FETCH_ASSOC)) {
                             $userID = $user['userID'];
@@ -233,7 +282,8 @@ function test_input($data) {
                             name='checkbox-user[]'
                             class='checkbox-list'
                             value='$userID'
-                            form='admin-batchform'>
+                            form='admin-batchform'
+                            onchange='checkCheckAll(document.getElementById('checkall'))'>
                             </td>
                             <td>$username</td>
                             <td>$role</td>
@@ -255,7 +305,7 @@ function test_input($data) {
                             ");
                         }
                     } else {
-                        $q = search20GroupsFromNByStatus($db, $listnr, $search, $groupstatus);
+                        $q = search20GroupsFromNByStatus($db, $listn, $search, $groupstatus);
 
                         while ($group = $q->fetch(PDO::FETCH_ASSOC)) {
                             $groupID = $group['groupID'];
@@ -295,9 +345,6 @@ function test_input($data) {
                     ?>
                 </table>
             </div>
-        <pre>
-            <?php print_r($_POST); ?>
-        </pre>
     </div>
 </div>
 </body>

From e0d02d283de79c8238bed1951af6eeb2a563a2ad Mon Sep 17 00:00:00 2001
From: Hendrik <hendrik.huang@student.uva.nl>
Date: Thu, 19 Jan 2017 16:42:45 +0100
Subject: [PATCH 04/19] add page functionality for groups

---
 website/queries/group_page.php | 49 ++++++++++++++++++++++++++++++++++
 website/views/adminpanel.php   | 20 +++++++++-----
 2 files changed, 62 insertions(+), 7 deletions(-)

diff --git a/website/queries/group_page.php b/website/queries/group_page.php
index e0c8f17..64a048a 100644
--- a/website/queries/group_page.php
+++ b/website/queries/group_page.php
@@ -80,6 +80,55 @@ function search20GroupsFromNByStatus($db, $n, $keyword, $status) {
     return $q;
 }
 
+function searchSomeGroupsByStatus($db, $n, $m, $keyword, $status) {
+    $q = $db->prepare("
+    SELECT
+        `groupID`,
+        `name`,
+        `status`,
+        `description`
+    FROM
+        `group_page`
+    WHERE
+        `name` LIKE :keyword AND
+        FIND_IN_SET (`status`, :statuses)
+    ORDER BY
+        `name`
+    LIMIT
+        :n, :m
+    ");
+
+    $keyword = "%$keyword%";
+    $q->bindParam(':keyword', $keyword);
+    $q->bindParam(':n', $n, PDO::PARAM_INT);
+    $q->bindParam(':m', $m, PDO::PARAM_INT);
+    $statuses = implode(',', $status);
+    $q->bindParam(':statuses', $statuses);
+    $q->execute();
+    return $q;
+}
+
+function countSomeGroupsByStatus($db, $keyword, $status) {
+    $q = $db->prepare("
+    SELECT
+        COUNT(*)
+    FROM
+        `group_page`
+    WHERE
+        `name` LIKE :keyword AND
+        FIND_IN_SET (`status`, :statuses)
+    ORDER BY
+        `name`
+    ");
+
+    $keyword = "%$keyword%";
+    $q->bindParam(':keyword', $keyword);
+    $statuses = implode(',', $status);
+    $q->bindParam(':statuses', $statuses);
+    $q->execute();
+    return $q;
+}
+
 function changeGroupStatusByID($db, $id, $status) {
     $q = $db->query("
     UPDATE
diff --git a/website/views/adminpanel.php b/website/views/adminpanel.php
index 637bf56..925a681 100644
--- a/website/views/adminpanel.php
+++ b/website/views/adminpanel.php
@@ -62,8 +62,6 @@
 <!-- function test_input taken from http://www.w3schools.com/php/php_form_validation.asp -->
 <?php
 $search = "";
-$listn = 0; // TODO: add page functionality
-$listm = 20;
 $currentpage = 1;
 $perpage = 20;
 $status = $groupstatus = array();
@@ -109,6 +107,9 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
 
 }
 
+$listn = ($currentpage-1) * $perpage;
+$listm = $currentpage * $perpage;
+
 function test_input($data) {
   $data = trim($data);
   $data = stripslashes($data);
@@ -224,7 +225,12 @@ function test_input($data) {
 
                 <div class="admin-userpage">
                     <p class="pagenumber">Showing results
-                    <?php $pages = countSomeUsersByStatus($db, $search, $status);
+                    <?php
+                    if ($pagetype == "user") {
+                        $pages = countSomeUsersByStatus($db, $search, $status);
+                    } else {
+                        $pages = countSomeGroupsByStatus($db, $search, $status);
+                    }
                     $countresults = $pages->fetchColumn();
                     $mincount = min($listm, $countresults);
                     echo "$listn to $mincount out of $countresults"; ?></p><br>
@@ -237,7 +243,7 @@ function test_input($data) {
                                   onchange="this.form.submit()"
                                   value="">
                               <?php
-                              for ($i=1; $i <= $countresults / $perpage + 1; $i++) {
+                              for ($i=1; $i <= ceil($countresults / $perpage); $i++) {
                                   if ($currentpage == $i) {
                                       echo "<option value='$i' selected>$i</option>";
                                   } else {
@@ -263,8 +269,8 @@ function test_input($data) {
 
                     <!-- Table construction via php PDO. -->
                     <?php
-                    $listn = ($currentpage-1) * 20;
-                    $listm = $currentpage * 20;
+                    $listn = ($currentpage-1) * $perpage;
+                    $listm = $currentpage * $perpage;
 
                     if ($pagetype == 'user') {
                         $q = searchSomeUsersByStatus($db, $listn, $listm, $search, $status);
@@ -305,7 +311,7 @@ function test_input($data) {
                             ");
                         }
                     } else {
-                        $q = search20GroupsFromNByStatus($db, $listn, $search, $groupstatus);
+                        $q = searchSomeGroupsByStatus($db, $listn, $listm, $search, $groupstatus);
 
                         while ($group = $q->fetch(PDO::FETCH_ASSOC)) {
                             $groupID = $group['groupID'];

From 3152839dae104cc90a56642de543173bb49d8cc9 Mon Sep 17 00:00:00 2001
From: Hendrik <hendrik.huang@student.uva.nl>
Date: Fri, 20 Jan 2017 12:06:23 +0100
Subject: [PATCH 05/19] add javascript for userlist tablehead checkall box, fix
 pageselector css

---
 website/public/styles/adminpanel.css | 12 +++--
 website/views/adminpanel.php         | 79 +++++++++++++++-------------
 2 files changed, 52 insertions(+), 39 deletions(-)

diff --git a/website/public/styles/adminpanel.css b/website/public/styles/adminpanel.css
index 85921b7..b226cd3 100644
--- a/website/public/styles/adminpanel.css
+++ b/website/public/styles/adminpanel.css
@@ -52,10 +52,16 @@
     margin: 10px;
 }
 
-.admin-userpage {
-    width: 170px;
-    margin-bottom: 20px;
+.admin-userheading {
+    width: auto;
+    float: left;
+}
+
+.admin-pageui {
+    text-align: right;
     float: right;
+    width: auto;
+    margin-bottom: 20px;
 }
 
 .usertitle {
diff --git a/website/views/adminpanel.php b/website/views/adminpanel.php
index 925a681..52681a4 100644
--- a/website/views/adminpanel.php
+++ b/website/views/adminpanel.php
@@ -30,8 +30,6 @@
                 }
             }
         }
-
-        document.write(checked);
         allbox.checked = checked;
     }
 
@@ -221,39 +219,45 @@ function test_input($data) {
             <br>
 
             <div class="admin-users">
-                <h2 class="usertitle">Users:</h2>
-
-                <div class="admin-userpage">
-                    <p class="pagenumber">Showing results
-                    <?php
-                    if ($pagetype == "user") {
-                        $pages = countSomeUsersByStatus($db, $search, $status);
-                    } else {
-                        $pages = countSomeGroupsByStatus($db, $search, $status);
-                    }
-                    $countresults = $pages->fetchColumn();
-                    $mincount = min($listm, $countresults);
-                    echo "$listn to $mincount out of $countresults"; ?></p><br>
-                    <input type="submit" name="prev" value="prev">
-                    <form class="admin-pageselector"
-                          action="<?php htmlspecialchars(basename($_SERVER['REQUEST_URI'])) ?>"
-                          method="post">
-                          <select class="admin-pageselect"
-                                  name="pageselect"
-                                  onchange="this.form.submit()"
-                                  value="">
-                              <?php
-                              for ($i=1; $i <= ceil($countresults / $perpage); $i++) {
-                                  if ($currentpage == $i) {
-                                      echo "<option value='$i' selected>$i</option>";
-                                  } else {
-                                      echo "<option value='$i'>$i</option>";
+                <div class="admin-usertitle">
+                    <div class="admin-userheading">
+                        <h2>Users:</h2>
+                    </div>
+                    <div class="admin-pageui">
+                        <?php
+                        if ($pagetype == "user") {
+                            $pages = countSomeUsersByStatus($db, $search, $status);
+                        } else {
+                            $pages = countSomeGroupsByStatus($db, $search, $status);
+                        }
+                        $countresults = $pages->fetchColumn();
+                        $mincount = min($listm, $countresults);
+                        $minlist = min($listn + 1, $countresults);
+                        ?>
+                        <p class="pagenumber">Current page:</p>
+                        <form class="admin-pageselector"
+                              action="<?php htmlspecialchars(basename($_SERVER['REQUEST_URI'])) ?>"
+                              method="post">
+                              <select class="admin-pageselect"
+                                      name="pageselect"
+                                      onchange="this.form.submit()"
+                                      value="">
+                                  <?php
+                                  for ($i=1; $i <= ceil($countresults / $perpage); $i++) {
+                                      if ($currentpage == $i) {
+                                          echo "<option value='$i' selected>$i</option>";
+                                      } else {
+                                          echo "<option value='$i'>$i</option>";
+                                      }
                                   }
-                              }
-                              ?>
-                          </select>
-                    </form>
-                    <input type="submit" name="next" value="next">
+                                  ?>
+                              </select>
+                        </form>
+                        <p class="entriesshown">
+                        <?php
+                        echo "Showing results $minlist to $mincount out of $countresults";
+                        ?>
+                    </div>
                 </div> <br>
 
                 <table class="usertable">
@@ -281,6 +285,7 @@ function test_input($data) {
                             $role = $user['role'];
                             $bancomment = $user['bancomment'];
                             $thispage = htmlspecialchars(basename($_SERVER['REQUEST_URI']));
+                            $function = "checkCheckAll(document.getElementById('checkall'))";
 
                             echo("
                             <tr>
@@ -289,7 +294,7 @@ function test_input($data) {
                             class='checkbox-list'
                             value='$userID'
                             form='admin-batchform'
-                            onchange='checkCheckAll(document.getElementById('checkall'))'>
+                            onchange=" . "$function" . ">
                             </td>
                             <td>$username</td>
                             <td>$role</td>
@@ -319,6 +324,7 @@ function test_input($data) {
                             $role = $group['status'];
                             $description = $group['description'];
                             $thispage = htmlspecialchars(basename($_SERVER['REQUEST_URI']));
+                            $function = "checkCheckAll(document.getElementById('checkall'))";
 
                             echo("
                             <tr>
@@ -326,7 +332,8 @@ function test_input($data) {
                             name='checkbox-group[]'
                             class='checkbox-list'
                             value='$groupID'
-                            form='admin-groupbatchform'>
+                            form='admin-groupbatchform'
+                            onchange=" . "$function" . ">
                             </td>
                             <td>$name</td>
                             <td>$role</td>

From daff2f41faf4b0f8b7def9edc294aace9976f068 Mon Sep 17 00:00:00 2001
From: Hendrik <hendrik.huang@student.uva.nl>
Date: Fri, 20 Jan 2017 12:29:34 +0100
Subject: [PATCH 06/19] minor fix

---
 website/views/adminpanel.php | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/website/views/adminpanel.php b/website/views/adminpanel.php
index 86c674a..52681a4 100644
--- a/website/views/adminpanel.php
+++ b/website/views/adminpanel.php
@@ -99,15 +99,8 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
         changeMultipleGroupStatusByID($db, $_POST["checkbox-group"], $_POST["groupbatchactions"]);
     }
 
-<<<<<<< HEAD
     if (isset($_POST["pageselect"])) {
         $currentpage = $_POST["pageselect"];
-=======
-    if (!empty($_POST["actions"]) && !empty($_POST["userID"])) {
-        changeUserStatusByID($_POST["userID"], $_POST["actions"]);
-    } elseif (!empty($_POST["actions"]) && !empty($_POST["groupID"])) {
-        changeGroupStatusByID($_POST["groupID"], $_POST["actions"]);
->>>>>>> master
     }
 
 }

From eb1fc154015d8477041aee70a05c2561f8983196 Mon Sep 17 00:00:00 2001
From: Joey Lai <joeylai96@hotmail.com>
Date: Fri, 20 Jan 2017 12:32:39 +0100
Subject: [PATCH 07/19] script on right lines

---
 website/public/login.php | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/website/public/login.php b/website/public/login.php
index 65babdf..3d37da7 100644
--- a/website/public/login.php
+++ b/website/public/login.php
@@ -7,6 +7,18 @@
     include_once("../queries/checkInput.php")
 ?>
 <body>
+<script>
+function checkLoggedIn() {
+    if (confirm("You are already logged in!\Do you want to logout?\Press ok to logout.") == true) {
+        unset($_SESSION["userID"]);
+        header("Location: login.php");
+    } else {
+        header("location: profile.php");
+    }
+    document.getElementById("demo").innerHTML = x;
+}
+</script>
+
 <?php
     session_start();
 
@@ -48,18 +60,5 @@
 /* This view adds login view */
 include("../views/login-view.php");
 ?>
-
-<script>
-function checkLoggedIn() {
-    if (confirm("You are already logged in!\Do you want to logout?\Press ok to logout.") == true) {
-        unset($_SESSION["userID"]);
-        header("Location: login.php");
-    } else {
-        header("location: profile.php");
-    }
-    document.getElementById("demo").innerHTML = x;
-}
-</script>
-
 </body>
 </html>

From 0f02859124c64c4e0c917a7d2a969718d527baaa Mon Sep 17 00:00:00 2001
From: Hendrik <hendrik.huang@student.uva.nl>
Date: Fri, 20 Jan 2017 12:58:34 +0100
Subject: [PATCH 08/19] fix queries for global and prepared

---
 website/queries/group_page.php | 43 ++++++++++++++++++++--------------
 website/queries/user.php       | 29 ++++++++++++++---------
 website/views/adminpanel.php   | 16 ++++++-------
 3 files changed, 52 insertions(+), 36 deletions(-)

diff --git a/website/queries/group_page.php b/website/queries/group_page.php
index 44d346c..ef7af07 100644
--- a/website/queries/group_page.php
+++ b/website/queries/group_page.php
@@ -1,7 +1,7 @@
 <?php
 
 function selectGroupById($groupID) {
-    return $GLOBALS["db"]->query("
+    $q = $GLOBALS["db"]->prepare("
     SELECT
         `group_page`.`name`,
         `group_page`.`picture`,
@@ -11,12 +11,16 @@ function selectGroupById($groupID) {
     FROM
         `group_page`
     WHERE
-        `group_page`.`groupID` = $groupID
+        `group_page`.`groupID` = :groupID
     ");
+
+    $q->bindParam(':groupID', $groupID);
+    $q->execute();
+    return $q;
 }
 
 function select20GroupsFromN($n) {
-    return $GLOBALS["db"]->query("
+    $q = $GLOBALS["db"]->prepare("
     SELECT
         `group_page`.`groupID`,
         `group_page`.`name`,
@@ -29,12 +33,16 @@ function select20GroupsFromN($n) {
     ORDER BY
         `group_page`.`name` ASC
     LIMIT
-        $n, 20
+        :n, 20
     ");
+
+    $q->bindParam(':n', $n);
+    $q->execute();
+    return $q;
 }
 
 function select20GroupsByStatusFromN($n, $status) {
-    return $GLOBALS["db"]->query("
+    $q = $GLOBALS["db"]->prepare("
     SELECT
         `group_page`.`groupID`,
         `group_page`.`name`,
@@ -45,12 +53,17 @@ function select20GroupsByStatusFromN($n, $status) {
     FROM
         `group_page`
     WHERE
-    	`group_page`.`status` = $status
+    	`group_page`.`status` = :status
     ORDER BY
         `group_page`.`name` ASC
     LIMIT
-        $n, 20
+        :n, 20
     ");
+
+    $q->bindParam(':status', $status);
+    $q->bindParam(':n', $n);
+    $q->execute();
+    return $q;
 }
 
 function search20GroupsFromNByStatus($n, $keyword, $status) {
@@ -80,8 +93,8 @@ function search20GroupsFromNByStatus($n, $keyword, $status) {
     return $q;
 }
 
-function searchSomeGroupsByStatus($db, $n, $m, $keyword, $status) {
-    $q = $db->prepare("
+function searchSomeGroupsByStatus($n, $m, $keyword, $status) {
+    $q = $GLOBALS['db']->prepare("
     SELECT
         `groupID`,
         `name`,
@@ -108,8 +121,8 @@ function searchSomeGroupsByStatus($db, $n, $m, $keyword, $status) {
     return $q;
 }
 
-function countSomeGroupsByStatus($db, $keyword, $status) {
-    $q = $db->prepare("
+function countSomeGroupsByStatus($keyword, $status) {
+    $q = $GLOBALS['db']->prepare("
     SELECT
         COUNT(*)
     FROM
@@ -141,11 +154,9 @@ function changeGroupStatusByID($id, $status) {
 
     return $q;
 }
-<<<<<<< HEAD
 
-
-function changeMultipleGroupStatusByID($db, $ids, $status) {
-    $q = $db->prepare("
+function changeMultipleGroupStatusByID($ids, $status) {
+    $q = $GLOBALS['db']->prepare("
     UPDATE
         `group_page`
     SET
@@ -163,5 +174,3 @@ function changeMultipleGroupStatusByID($db, $ids, $status) {
 
 
 ?>
-=======
->>>>>>> master
diff --git a/website/queries/user.php b/website/queries/user.php
index 71cef11..719a40f 100644
--- a/website/queries/user.php
+++ b/website/queries/user.php
@@ -87,7 +87,7 @@ function selectAllUserPosts($userID) {
 }
 
 function select20UsersFromN($n) {
-    return $GLOBALS["db"]->query("
+    $q = $GLOBALS["db"]->prepare("
     SELECT
         `userID`,
         `username`,
@@ -99,8 +99,12 @@ function select20UsersFromN($n) {
         `role`,
         `username`
     LIMIT
-        $n, 20
+        :n, 20
     ");
+
+    $q->bindParam(':n', $n);
+    $q->execute();
+    return $q;
 }
 
 function search20UsersFromN($n, $keyword) {
@@ -155,8 +159,8 @@ function search20UsersFromNByStatus($n, $keyword, $status) {
     return $q;
 }
 
-function searchSomeUsersByStatus($db, $n, $m, $keyword, $status) {
-    $q = $db->prepare("
+function searchSomeUsersByStatus($n, $m, $keyword, $status) {
+    $q = $GLOBALS["db"]->prepare("
     SELECT
         `userID`,
         `username`,
@@ -184,8 +188,8 @@ function searchSomeUsersByStatus($db, $n, $m, $keyword, $status) {
     return $q;
 }
 
-function countSomeUsersByStatus($db, $keyword, $status) {
-    $q = $db->prepare("
+function countSomeUsersByStatus($keyword, $status) {
+    $q = $GLOBALS["db"]->prepare("
     SELECT
         COUNT(*)
     FROM
@@ -208,20 +212,23 @@ function countSomeUsersByStatus($db, $keyword, $status) {
 
 
 function changeUserStatusByID($id, $status) {
-    $q = $GLOBALS["db"]->query("
+    $q = $GLOBALS["db"]->prepare("
     UPDATE
         `user`
     SET
-        `role` = $status
+        `role` = :status
     WHERE
-        `userID` = $id
+        `userID` = :id
     ");
 
+    $q->bindParam(':status', $status);
+    $q->bindParam(':id', $id);
+    $q->execute();
     return $q;
 }
 
-function changeMultipleUserStatusByID($db, $ids, $status) {
-    $q = $db->prepare("
+function changeMultipleUserStatusByID($ids, $status) {
+    $q = $GLOBALS["db"]->prepare("
     UPDATE
         `user`
     SET
diff --git a/website/views/adminpanel.php b/website/views/adminpanel.php
index 52681a4..af23dae 100644
--- a/website/views/adminpanel.php
+++ b/website/views/adminpanel.php
@@ -84,19 +84,19 @@ if (isset($_GET["groupstatus"])) {
 
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
     if (isset($_POST["actions"]) && isset($_POST["userID"])) {
-        changeUserStatusByID($db, $_POST["userID"], $_POST["actions"]);
+        changeUserStatusByID($_POST["userID"], $_POST["actions"]);
     }
 
     if (isset($_POST["actions"]) && isset($_POST["groupID"])) {
-        changeGroupStatusByID($db, $_POST["groupID"], $_POST["actions"]);
+        changeGroupStatusByID($_POST["groupID"], $_POST["actions"]);
     }
 
     if (isset($_POST["batchactions"]) && isset($_POST["checkbox-user"])) {
-        changeMultipleUserStatusByID($db, $_POST["checkbox-user"], $_POST["batchactions"]);
+        changeMultipleUserStatusByID($_POST["checkbox-user"], $_POST["batchactions"]);
     }
 
     if (isset($_POST["groupbatchactions"]) && isset($_POST["checkbox-group"])) {
-        changeMultipleGroupStatusByID($db, $_POST["checkbox-group"], $_POST["groupbatchactions"]);
+        changeMultipleGroupStatusByID($_POST["checkbox-group"], $_POST["groupbatchactions"]);
     }
 
     if (isset($_POST["pageselect"])) {
@@ -226,9 +226,9 @@ function test_input($data) {
                     <div class="admin-pageui">
                         <?php
                         if ($pagetype == "user") {
-                            $pages = countSomeUsersByStatus($db, $search, $status);
+                            $pages = countSomeUsersByStatus($search, $status);
                         } else {
-                            $pages = countSomeGroupsByStatus($db, $search, $status);
+                            $pages = countSomeGroupsByStatus($search, $status);
                         }
                         $countresults = $pages->fetchColumn();
                         $mincount = min($listm, $countresults);
@@ -277,7 +277,7 @@ function test_input($data) {
                     $listm = $currentpage * $perpage;
 
                     if ($pagetype == 'user') {
-                        $q = searchSomeUsersByStatus($db, $listn, $listm, $search, $status);
+                        $q = searchSomeUsersByStatus($listn, $listm, $search, $status);
 
                         while($user = $q->fetch(PDO::FETCH_ASSOC)) {
                             $userID = $user['userID'];
@@ -316,7 +316,7 @@ function test_input($data) {
                             ");
                         }
                     } else {
-                        $q = searchSomeGroupsByStatus($db, $listn, $listm, $search, $groupstatus);
+                        $q = searchSomeGroupsByStatus($listn, $listm, $search, $groupstatus);
 
                         while ($group = $q->fetch(PDO::FETCH_ASSOC)) {
                             $groupID = $group['groupID'];

From bfdf9e989b2a724f505975d9ab79ccef106e937d Mon Sep 17 00:00:00 2001
From: "K. Nobel" <kevlebon@gmailcom>
Date: Fri, 20 Jan 2017 13:07:47 +0100
Subject: [PATCH 09/19] Fixed profile page, now shows current user when no
 username is given in get variable.

---
 website/public/profile.php   | 61 ++++++------------------------------
 website/queries/nicetime.php | 39 +++++++++++++++++++++++
 2 files changed, 49 insertions(+), 51 deletions(-)
 create mode 100644 website/queries/nicetime.php

diff --git a/website/public/profile.php b/website/public/profile.php
index f3f499b..0fe2feb 100644
--- a/website/public/profile.php
+++ b/website/public/profile.php
@@ -1,45 +1,16 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <?php include("../views/head.php"); ?>
+    <style>
+        @import url("styles/profile.css");
+    </style>
+</head>
+<body>
 <?php
 include("../queries/user.php");
 include("../queries/friendship.php");
-
-function nicetime($date) {
-    if(empty($date)) {
-        return "No date provided";
-    }
-
-    $single_periods = array("seconde", "minuut", "uur", "dag", "week", "maand", "jaar", "decennium");
-    $multiple_periods = array("seconden", "minuten", "uur", "dagen", "weken", "maanden", "jaar", "decennia");
-    $lengths = array("60", "60", "24", "7", "4.35", "12", "10", "0");
-
-    $now = time();
-    $unix_date = strtotime($date);
-
-    if(empty($unix_date)) {
-        return "Bad date";
-    }
-
-    if($now > $unix_date) {
-        $difference = $now - $unix_date;
-        $tense = "geleden";
-    } else {
-        $difference = $unix_date - $now;
-        $tense = "vanaf nu";
-    }
-
-    for($i = 0; $difference >= $lengths[$i] && $i < count($lengths) - 1; $i++) {
-        $difference /= $lengths[$i];
-    }
-
-    $difference = round($difference);
-
-    if($difference != 1) {
-        $period = $multiple_periods[$i];
-    } else {
-        $period = $single_periods[$i];
-    }
-
-    return "$difference $period $tense";
-}
+include("../queries/nicetime.php");
 
 if(empty($_GET["username"])) {
     $userID = $_SESSION["userID"];
@@ -52,18 +23,6 @@ $profile_friends = selectAllFriends($userID);
 $profile_groups = selectAllUserGroups($userID);
 $posts = selectAllUserPosts($userID);
 
-?>
-
-<!DOCTYPE html>
-<html>
-<head>
-    <?php include("../views/head.php"); ?>
-    <style>
-        @import url("styles/profile.css");
-    </style>
-</head>
-<body>
-<?php
 /*
  * This view adds the main layout over the screen.
  * Header, menu, footer.
diff --git a/website/queries/nicetime.php b/website/queries/nicetime.php
new file mode 100644
index 0000000..4db6cbd
--- /dev/null
+++ b/website/queries/nicetime.php
@@ -0,0 +1,39 @@
+<?php
+function nicetime($date) {
+if(empty($date)) {
+return "No date provided";
+}
+
+$single_periods = array("seconde", "minuut", "uur", "dag", "week", "maand", "jaar", "decennium");
+$multiple_periods = array("seconden", "minuten", "uur", "dagen", "weken", "maanden", "jaar", "decennia");
+$lengths = array("60", "60", "24", "7", "4.35", "12", "10", "0");
+
+$now = time();
+$unix_date = strtotime($date);
+
+if(empty($unix_date)) {
+return "Bad date";
+}
+
+if($now > $unix_date) {
+$difference = $now - $unix_date;
+$tense = "geleden";
+} else {
+$difference = $unix_date - $now;
+$tense = "vanaf nu";
+}
+
+for($i = 0; $difference >= $lengths[$i] && $i < count($lengths) - 1; $i++) {
+$difference /= $lengths[$i];
+}
+
+$difference = round($difference);
+
+if($difference != 1) {
+$period = $multiple_periods[$i];
+} else {
+$period = $single_periods[$i];
+}
+
+return "$difference $period $tense";
+}
\ No newline at end of file

From 6418b2b679fdaee5f70da8dddf6321989ea5ea5d Mon Sep 17 00:00:00 2001
From: Hendrik <hendrik.huang@student.uva.nl>
Date: Fri, 20 Jan 2017 13:14:28 +0100
Subject: [PATCH 10/19] move js to /js

---
 website/public/js/admin.js   | 44 +++++++++++++++++++++++++++++++
 website/views/adminpanel.php | 50 ++----------------------------------
 2 files changed, 46 insertions(+), 48 deletions(-)
 create mode 100644 website/public/js/admin.js

diff --git a/website/public/js/admin.js b/website/public/js/admin.js
new file mode 100644
index 0000000..2055123
--- /dev/null
+++ b/website/public/js/admin.js
@@ -0,0 +1,44 @@
+window.onload = function() {
+    changeFilter();
+};
+
+function checkAll(allbox) {
+    var checkboxes = document.getElementsByClassName('checkbox-list');
+
+    for (var i = 0; i < checkboxes.length; i++) {
+        if (checkboxes[i].type == 'checkbox') {
+            checkboxes[i].checked = allbox.checked;
+        }
+    }
+}
+
+function checkCheckAll(allbox) {
+    var checkboxes = document.getElementsByClassName('checkbox-list');
+    var checked = true;
+
+    for (var i = 0; i < checkboxes.length; i++) {
+        if (checkboxes[i].type == 'checkbox') {
+            if (checkboxes[i].checked == false) {
+                checked = false;
+                break;
+            }
+        }
+    }
+    allbox.checked = checked;
+}
+
+function changeFilter() {
+    if (document.getElementById('group').checked) {
+        document.getElementById('admin-filter').style.display = 'none';
+        document.getElementById('admin-groupfilter').style.display = 'inline-block';
+
+        document.getElementById('admin-batchactions').style.display = 'none';
+        document.getElementById('admin-groupbatchactions').style.display = 'inline-block';
+    } else {
+        document.getElementById('admin-filter').style.display = 'inline-block';
+        document.getElementById('admin-groupfilter').style.display = 'none';
+
+        document.getElementById('admin-batchactions').style.display = 'inline-block';
+        document.getElementById('admin-groupbatchactions').style.display = 'none';
+    }
+}
diff --git a/website/views/adminpanel.php b/website/views/adminpanel.php
index af23dae..fde8237 100644
--- a/website/views/adminpanel.php
+++ b/website/views/adminpanel.php
@@ -3,53 +3,7 @@
 <head>
     <meta charset="utf-8">
     <title>Admin Panel</title>
-    <script type="text/javascript">
-    window.onload = function() {
-        changeFilter();
-    };
-
-    function checkAll(allbox) {
-        var checkboxes = document.getElementsByClassName('checkbox-list');
-
-        for (var i = 0; i < checkboxes.length; i++) {
-            if (checkboxes[i].type == 'checkbox') {
-                checkboxes[i].checked = allbox.checked;
-            }
-        }
-    }
-
-    function checkCheckAll(allbox) {
-        var checkboxes = document.getElementsByClassName('checkbox-list');
-        var checked = true;
-
-        for (var i = 0; i < checkboxes.length; i++) {
-            if (checkboxes[i].type == 'checkbox') {
-                if (checkboxes[i].checked == false) {
-                    checked = false;
-                    break;
-                }
-            }
-        }
-        allbox.checked = checked;
-    }
-
-    function changeFilter() {
-        if (document.getElementById('group').checked) {
-            document.getElementById('admin-filter').style.display = 'none';
-            document.getElementById('admin-groupfilter').style.display = 'inline-block';
-
-            document.getElementById('admin-batchactions').style.display = 'none';
-            document.getElementById('admin-groupbatchactions').style.display = 'inline-block';
-        } else {
-            document.getElementById('admin-filter').style.display = 'inline-block';
-            document.getElementById('admin-groupfilter').style.display = 'none';
-
-            document.getElementById('admin-batchactions').style.display = 'inline-block';
-            document.getElementById('admin-groupbatchactions').style.display = 'none';
-        }
-    }
-
-    </script>
+    <script src="../public/js/admin.js" charset="utf-8"></script>
     <?php
         include_once("../queries/user.php");
         include_once("../queries/group_page.php");
@@ -228,7 +182,7 @@ function test_input($data) {
                         if ($pagetype == "user") {
                             $pages = countSomeUsersByStatus($search, $status);
                         } else {
-                            $pages = countSomeGroupsByStatus($search, $status);
+                            $pages = countSomeGroupsByStatus($search, $groupstatus);
                         }
                         $countresults = $pages->fetchColumn();
                         $mincount = min($listm, $countresults);

From 61c148e127bade2b031d75264504a84754b70200 Mon Sep 17 00:00:00 2001
From: Lars van Hijfte <larsvanhijfte@hotmail.com>
Date: Fri, 20 Jan 2017 13:30:40 +0100
Subject: [PATCH 11/19] Made chat xss prove

---
 website/public/API/loadMessages.php |  7 +++----
 website/public/API/sendMessage.php  | 15 +++++++--------
 website/public/js/chat.js           |  6 +-----
 3 files changed, 11 insertions(+), 17 deletions(-)

diff --git a/website/public/API/loadMessages.php b/website/public/API/loadMessages.php
index fef9db7..1c6b942 100644
--- a/website/public/API/loadMessages.php
+++ b/website/public/API/loadMessages.php
@@ -3,11 +3,10 @@
 session_start();
 require_once("../../queries/connect.php");
 require_once("../../queries/private_message.php");
+require_once("../../queries/checkInput.php");
 
 if (isset($_POST["lastID"]) && $_POST["lastID"] != "") {
-
-    echo getNewChatMessages($_POST["lastID"], $_POST["destination"]);
-
+    echo getNewChatMessages(test_input($_POST["lastID"]), test_input($_POST["destination"]));
 } else {
-    echo getOldChatMessages($_POST["destination"]);
+    echo getOldChatMessages(test_input($_POST["destination"]));
 }
\ No newline at end of file
diff --git a/website/public/API/sendMessage.php b/website/public/API/sendMessage.php
index d1bc758..c5d47d1 100644
--- a/website/public/API/sendMessage.php
+++ b/website/public/API/sendMessage.php
@@ -3,16 +3,15 @@
 session_start();
 require_once("../../queries/connect.php");
 require_once("../../queries/private_message.php");
+require_once("../../queries/checkInput.php");
 
-if (isset($_POST["destination"]) &&
-    isset($_POST["content"])) {
-
-    if (sendMessage($_POST["destination"], $_POST["content"])) {
-        echo $_POST["content"] . " is naar " . $_POST["destination"] . " gestuurd";
+if (!empty(test_input($_POST["destination"])) &&
+    !empty(test_input($_POST["content"]))) {
+    if (sendMessage(test_input($_POST["destination"]), test_input($_POST["content"]))) {
+        echo 1;
     } else {
-        echo "YOU FAILED!!!";
+        echo 0;
     }
-
 } else {
-    echo "maybe dont try to hax the system?";
+    echo 0;
 }
\ No newline at end of file
diff --git a/website/public/js/chat.js b/website/public/js/chat.js
index 75eb32e..6c420a1 100644
--- a/website/public/js/chat.js
+++ b/website/public/js/chat.js
@@ -10,7 +10,6 @@ function loadMessages() {
         $("#lastIDForm").serialize()
     ).done(function(data) {
         if (data && data != "[]") {
-            console.log(data);
             messages = JSON.parse(data);
             addMessages(messages);
             $("#lastID").val(messages[messages.length - 1].messageID);
@@ -23,13 +22,10 @@ function loadMessages() {
 
 
 function sendMessage() {
-    console.log($("#sendMessageForm").serialize());
     $.post(
         "API/sendMessage.php",
         $("#sendMessageForm").serialize()
-    ).done(function( data ) {
-        console.log(data);
-    });
+    );
 
     $("#newContent").val("");
 }

From b7620fe4dbe3cdaf595eb71087b485e4bbeaf81e Mon Sep 17 00:00:00 2001
From: "K. Nobel" <kevlebon@gmailcom>
Date: Fri, 20 Jan 2017 14:05:20 +0100
Subject: [PATCH 12/19] Moved .htaccess

---
 website/.htaccess        | 14 --------------
 website/public/.htaccess | 14 ++++++++++++++
 2 files changed, 14 insertions(+), 14 deletions(-)
 delete mode 100644 website/.htaccess
 create mode 100644 website/public/.htaccess

diff --git a/website/.htaccess b/website/.htaccess
deleted file mode 100644
index 5c0147b..0000000
--- a/website/.htaccess
+++ /dev/null
@@ -1,14 +0,0 @@
-Options +FollowSymLinks
-RewriteEngine On
-
-ErrorDocument 404 /error404.jpg
-
-RewriteCond %{SCRIPT_FILENAME} !-d
-RewriteCond %{SCRIPT_FILENAME} !-f
-
-# Resolve .php file for extensionless php urls
-RewriteRule ^([^/.]+)$ $1.php [L]
-
-RewriteRule ^([^/.]+)\/$ $1.php [L]
-
-RewriteRule ^profile/([A-z0-9]+)\/?$ profile.php?username=$1 [NC]
\ No newline at end of file
diff --git a/website/public/.htaccess b/website/public/.htaccess
new file mode 100644
index 0000000..69fda24
--- /dev/null
+++ b/website/public/.htaccess
@@ -0,0 +1,14 @@
+#Options +FollowSymLinks
+#RewriteEngine On
+#
+#ErrorDocument 404 /error404.jpg
+#
+#RewriteCond %{SCRIPT_FILENAME} !-d
+#RewriteCond %{SCRIPT_FILENAME} !-f
+#
+## Resolve .php file for extensionless php urls
+#RewriteRule ^([^/.]+)$ $1.php [L]
+#
+#RewriteRule ^([^/.]+)\/$ $1.php [L]
+#
+#RewriteRule ^profile/([A-z0-9]+)\/?$ profile.php?username=$1 [NC]
\ No newline at end of file

From f9c55323ad54047ab80381499fef430b3f49fd8b Mon Sep 17 00:00:00 2001
From: "K. Nobel" <kevlebon@gmailcom>
Date: Fri, 20 Jan 2017 14:09:04 +0100
Subject: [PATCH 13/19] Made friends and groups clickable.

---
 website/views/profile.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/website/views/profile.php b/website/views/profile.php
index 6c273a6..47b880d 100644
--- a/website/views/profile.php
+++ b/website/views/profile.php
@@ -13,7 +13,7 @@
         <p>
             <?php
                 while($friend = $profile_friends->fetch()) {
-                    echo "<a href='#' data-title='${friend["username"]}'><img class='profile-picture' src='${friend["profilepicture"]}' alt='${friend["username"]}'s profielfoto></a>";
+                    echo "<a href='profile/${friend["username"]}/' data-title='${friend["username"]}'><img class='profile-picture' src='${friend["profilepicture"]}' alt='${friend["username"]}'s profielfoto></a>";
                 }
 
 
@@ -29,7 +29,7 @@
         <p>
             <?php
                 while($group = $profile_groups->fetch()) {
-                    echo "<a href='#' data-title='${group["name"]}'><img class='group-picture' src='${group["picture"]}' alt='${group["name"]}s logo'></a>";
+                    echo "<a href='group/${group["name"]}/' data-title='${group["name"]}'><img class='group-picture' src='${group["picture"]}' alt='${group["name"]}s logo'></a>";
                 }
 
                 if($groups->rowCount() === 0) {

From 0e5f7dc9fb4e7581bef3d1f85ef1231ad9ad71c0 Mon Sep 17 00:00:00 2001
From: "K. Nobel" <kevlebon@gmailcom>
Date: Fri, 20 Jan 2017 14:10:32 +0100
Subject: [PATCH 14/19] Fixed no friends text and no groups text.

---
 website/views/profile.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/website/views/profile.php b/website/views/profile.php
index 47b880d..83ac799 100644
--- a/website/views/profile.php
+++ b/website/views/profile.php
@@ -17,7 +17,7 @@
                 }
 
 
-                if($friends->rowCount() === 0) {
+                if($profile_friends->rowCount() === 0) {
                     echo "<p>Deze gebruiker heeft nog geen vrienden gemaakt.</p>";
                 }
             ?>
@@ -32,7 +32,7 @@
                     echo "<a href='group/${group["name"]}/' data-title='${group["name"]}'><img class='group-picture' src='${group["picture"]}' alt='${group["name"]}s logo'></a>";
                 }
 
-                if($groups->rowCount() === 0) {
+                if($profile_groups->rowCount() === 0) {
                     echo "<p>Deze gebruiker is nog geen lid van een groep.</p>";
                 }
             ?>

From adb7f2f37db78f7099b3fedbcfe48d783c9c91a7 Mon Sep 17 00:00:00 2001
From: "K. Nobel" <kevlebon@gmailcom>
Date: Fri, 20 Jan 2017 14:31:49 +0100
Subject: [PATCH 15/19] Fixed .htaccess

---
 website/public/.htaccess | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/website/public/.htaccess b/website/public/.htaccess
index 69fda24..5c0147b 100644
--- a/website/public/.htaccess
+++ b/website/public/.htaccess
@@ -1,14 +1,14 @@
-#Options +FollowSymLinks
-#RewriteEngine On
-#
-#ErrorDocument 404 /error404.jpg
-#
-#RewriteCond %{SCRIPT_FILENAME} !-d
-#RewriteCond %{SCRIPT_FILENAME} !-f
-#
-## Resolve .php file for extensionless php urls
-#RewriteRule ^([^/.]+)$ $1.php [L]
-#
-#RewriteRule ^([^/.]+)\/$ $1.php [L]
-#
-#RewriteRule ^profile/([A-z0-9]+)\/?$ profile.php?username=$1 [NC]
\ No newline at end of file
+Options +FollowSymLinks
+RewriteEngine On
+
+ErrorDocument 404 /error404.jpg
+
+RewriteCond %{SCRIPT_FILENAME} !-d
+RewriteCond %{SCRIPT_FILENAME} !-f
+
+# Resolve .php file for extensionless php urls
+RewriteRule ^([^/.]+)$ $1.php [L]
+
+RewriteRule ^([^/.]+)\/$ $1.php [L]
+
+RewriteRule ^profile/([A-z0-9]+)\/?$ profile.php?username=$1 [NC]
\ No newline at end of file

From 6478ce920f56a1fe1b004b99ef253cdc6fe10a1e Mon Sep 17 00:00:00 2001
From: "K. Nobel" <kevlebon@gmailcom>
Date: Fri, 20 Jan 2017 14:40:21 +0100
Subject: [PATCH 16/19] Fixed .htaccess

---
 website/public/.htaccess | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/website/public/.htaccess b/website/public/.htaccess
index 5c0147b..f08898a 100644
--- a/website/public/.htaccess
+++ b/website/public/.htaccess
@@ -9,6 +9,4 @@ RewriteCond %{SCRIPT_FILENAME} !-f
 # Resolve .php file for extensionless php urls
 RewriteRule ^([^/.]+)$ $1.php [L]
 
-RewriteRule ^([^/.]+)\/$ $1.php [L]
-
-RewriteRule ^profile/([A-z0-9]+)\/?$ profile.php?username=$1 [NC]
\ No newline at end of file
+RewriteRule ^profile/([A-z0-9]+)$ profile.php?username=$1 [NC]
\ No newline at end of file

From ca28724274047a90649944303022a2d503cd45f7 Mon Sep 17 00:00:00 2001
From: "K. Nobel" <kevlebon@gmailcom>
Date: Fri, 20 Jan 2017 14:48:00 +0100
Subject: [PATCH 17/19] Fixed script tags and @import. Has to be absolute path
 in order to work with the .htaccess file.

---
 website/public/profile.php |  3 ++-
 website/views/head.php     | 17 ++++++++---------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/website/public/profile.php b/website/public/profile.php
index 0fe2feb..6ede201 100644
--- a/website/public/profile.php
+++ b/website/public/profile.php
@@ -2,8 +2,9 @@
 <html>
 <head>
     <?php include("../views/head.php"); ?>
+    <script src="/js/masonry.js"></script>
     <style>
-        @import url("styles/profile.css");
+        @import url("/styles/profile.css");
     </style>
 </head>
 <body>
diff --git a/website/views/head.php b/website/views/head.php
index bb6eec4..4347650 100644
--- a/website/views/head.php
+++ b/website/views/head.php
@@ -1,17 +1,16 @@
 <meta charset="utf-8">
 <title>MyHyvesbook+</title>
 <!-- Add your javascript files here. -->
-<script src="js/jquery.js"></script>
-<script src="js/header.js"></script>
-<script src="js/menu.js"></script>
-<script src="js/masonry.js"></script>
+<script src="/js/jquery.js"></script>
+<script src="/js/header.js"></script>
+<script src="/js/menu.js"></script>
 <style>
     /* Add your css files here. */
-    @import url("styles/main.css");
-    @import url("styles/font-awesome.css");
-    @import url("styles/header.css");
-    @import url("styles/menu.css");
-    @import url("styles/footer.css");
+    @import url("/styles/main.css");
+    @import url("/styles/font-awesome.css");
+    @import url("/styles/header.css");
+    @import url("/styles/menu.css");
+    @import url("/styles/footer.css");
 </style>
 <?php
 

From e547712b2a6020aaee8cb59ee4795287f82dfa74 Mon Sep 17 00:00:00 2001
From: "K. Nobel" <kevlebon@gmailcom>
Date: Fri, 20 Jan 2017 15:02:05 +0100
Subject: [PATCH 18/19] Changed links to absolute path.

---
 website/views/adminpanel.php    |  2 +-
 website/views/header.php        | 12 ++++++------
 website/views/login-view.php    |  4 ++--
 website/views/login_head.php    |  6 +++---
 website/views/menu.php          |  2 +-
 website/views/profile.php       |  2 +-
 website/views/register-view.php |  2 +-
 7 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/website/views/adminpanel.php b/website/views/adminpanel.php
index fde8237..e8efe6f 100644
--- a/website/views/adminpanel.php
+++ b/website/views/adminpanel.php
@@ -3,7 +3,7 @@
 <head>
     <meta charset="utf-8">
     <title>Admin Panel</title>
-    <script src="../public/js/admin.js" charset="utf-8"></script>
+    <script src="/js/admin.js" charset="utf-8"></script>
     <?php
         include_once("../queries/user.php");
         include_once("../queries/group_page.php");
diff --git a/website/views/header.php b/website/views/header.php
index a58e5f0..2a1f580 100644
--- a/website/views/header.php
+++ b/website/views/header.php
@@ -5,10 +5,10 @@ $userinfo = getHeaderInfo();
 ?>
 <header>
     <div id="header-logo">
-        <a href="profile.php"><img src="img/top-logo.png" alt="MyHyvesbook+" /></a>
+        <a href="profile.php"><img src="/img/top-logo.png" alt="MyHyvesbook+" /></a>
     </div>
     <div id="header-search">
-        <form action="search.php" method="get">
+        <form action="/search" method="get">
             <input name="search"
                    type="text"
                    placeholder="Zoek naar wat je wil"
@@ -20,9 +20,9 @@ $userinfo = getHeaderInfo();
     </div>
     <div class="right profile-menu">
         <div id="profile-menu-popup">
-            <a href="logout.php"><span style="color: red;" class="fa fa-sign-out" data-title="Uitloggen"></span></a> |
-            <a href="settings.php"><span style="color: blue;" class="fa fa-cog" data-title="Instellingen"></span></a> |
-            <a href="profile.php"><span style="color: green;" class="fa fa-user" data-title="Profiel"></span></a>
+            <a href="/logout"><span style="color: red;" class="fa fa-sign-out" data-title="Uitloggen"></span></a> |
+            <a href="/settings"><span style="color: blue;" class="fa fa-cog" data-title="Instellingen"></span></a> |
+            <a href="/profile"><span style="color: green;" class="fa fa-user" data-title="Profiel"></span></a>
         </div>
         <div id="profile-hello-popup">
             <div id="hello-loop">
@@ -32,5 +32,5 @@ $userinfo = getHeaderInfo();
         </div>
         <img id="own-profile-picture" class="profile-picture" src="<?=$userinfo["profilepicture"]?>"/>
     </div>
-    <a href="chat.php"><div class="right fa fa-comments-o" id="open-chat" data-title="Prive chats"></div></a>
+    <a href="/chat"><div class="right fa fa-comments-o" id="open-chat" data-title="Prive chats"></div></a>
 </header>
diff --git a/website/views/login-view.php b/website/views/login-view.php
index 33fa7e9..7a023f0 100644
--- a/website/views/login-view.php
+++ b/website/views/login-view.php
@@ -1,6 +1,6 @@
 <div>
     <img style="width:50%;margin-left:25%"
-         src="img/top-logo.png"
+         src="/img/top-logo.png"
          alt="MyHyvesbook+">
 </div>
 <div class="platform">
@@ -46,6 +46,6 @@
     </form>
     <!-- Button for going to the register screen -->
     <div class="login_containerlogin">
-      <a href="https://myhyvesbookplus.nl/register.php" class="button">Registreer een account</a>
+      <a href="https://myhyvesbookplus.nl/register" class="button">Registreer een account</a>
     </div>
 </div>
diff --git a/website/views/login_head.php b/website/views/login_head.php
index a41e87e..645f919 100644
--- a/website/views/login_head.php
+++ b/website/views/login_head.php
@@ -3,9 +3,9 @@
     <title>MyHyvesbook+</title>
     <link rel="stylesheet"
           type="text/css"
-          href="styles/main.css">
+          href="/styles/main.css">
     <link rel="stylesheet"
           type="text/css"
-          href="styles/index.css">
-    <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
+          href="/styles/index.css">
+    <script src="/js/jquery.js"></script>
 </head>
diff --git a/website/views/menu.php b/website/views/menu.php
index 88ae076..c6b030a 100644
--- a/website/views/menu.php
+++ b/website/views/menu.php
@@ -51,7 +51,7 @@
 
             echo "
                 <li class='friend-item'>
-                    <form action='profile.php' method='get'>
+                    <form action='/profile' method='get'>
                         <button type='submit'
                                 name='username'
                                 value='$randomUser'>
diff --git a/website/views/profile.php b/website/views/profile.php
index 83ac799..f8cdadd 100644
--- a/website/views/profile.php
+++ b/website/views/profile.php
@@ -2,7 +2,7 @@
     <div class="profile-box platform">
         <img class="left profile-picture" src="<?php echo $user["profilepicture"] ?>">
         <div class="profile-button">
-            <p><img src="img/add-friend.png"> Als vriend toevoegen</p>
+            <p><img src="/img/add-friend.png"> Als vriend toevoegen</p>
         </div>
         <h1 class="profile-username"><?= $user["fname"]?> <?=$user["lname"]?> (<?=$user["username"]?>)</h1>
         <p><?=$user["bio"]?></p>
diff --git a/website/views/register-view.php b/website/views/register-view.php
index b95dd81..4ccf868 100644
--- a/website/views/register-view.php
+++ b/website/views/register-view.php
@@ -1,6 +1,6 @@
 <div>
     <img style="width:50%;margin-left:25%"
-         src="img/top-logo.png"
+         src="/img/top-logo.png"
          alt="MyHyvesbook+">
 </div>
 

From 15a3640eea1db743e5d8ab0d962cdc9f56e27b19 Mon Sep 17 00:00:00 2001
From: Joey Lai <joeylai96@hotmail.com>
Date: Fri, 20 Jan 2017 15:25:37 +0100
Subject: [PATCH 19/19] Added arrow button for going to login.php

---
 website/public/login.php        | 11 ++++-----
 website/public/styles/index.css | 44 ++++++++++++++++++++++++++-------
 website/views/register-view.php |  7 +++---
 3 files changed, 43 insertions(+), 19 deletions(-)

diff --git a/website/public/login.php b/website/public/login.php
index 3d37da7..b3da203 100644
--- a/website/public/login.php
+++ b/website/public/login.php
@@ -9,12 +9,11 @@
 <body>
 <script>
 function checkLoggedIn() {
-    if (confirm("You are already logged in!\Do you want to logout?\Press ok to logout.") == true) {
-        unset($_SESSION["userID"]);
-        header("Location: login.php");
-    } else {
-        header("location: profile.php");
-    }
+    if (confirm("You are already logged in!\nDo you want to logout?\nPress ok to logout.") == true) {
+        window.location.href = "logout.php";
+        } else {
+        window.history.back();
+}
     document.getElementById("demo").innerHTML = x;
 }
 </script>
diff --git a/website/public/styles/index.css b/website/public/styles/index.css
index c551fd1..4b55904 100644
--- a/website/public/styles/index.css
+++ b/website/public/styles/index.css
@@ -1,7 +1,7 @@
 a.button {
-    background-color: #405550;
+    background-color: #C8CABD;
     border-radius: 10px;
-    color: white;
+    color: black;
     cursor: pointer;
     height: 50%;
     margin: 8px 0;
@@ -46,8 +46,8 @@ body {
 form {
     /*background-color: #a87a87;*/
     border-radius: 12px;
-    height: 75%;
-    margin: 10px auto;
+    height: 80%;
+    margin: auto;
     width: 70%;
     overflow-y:auto;
 }
@@ -66,14 +66,15 @@ h2 {
     font-size: 2.0em;
 }
 
+
 input[type=text], input[type=password], input[type=email], input[type="date"] {
     box-sizing: border-box;
     border-color: #C8CABD;
     display: inline-block;
-    height: 50%;
+    height: 60%;
     padding: 8px 20px;
     margin: 4px 0;
-    width: 50%;
+    width: 70%;
 }
 /*
 input[type=text], input[type=password], input[type=email], input[type="date"] {
@@ -101,6 +102,31 @@ label {
     display: block;
 }
 
+.left-arrow {
+    display: inline-block;
+    position: relative;
+    background-color: #C8CABD;
+    height: 30px;
+    width: 90px;
+    padding: 3px 3px 3px 0px;
+    text-align: center;
+    border-radius: 0px 10px 10px 0px;
+    font-size: 24px;
+
+}
+.left-arrow:after {
+    content: '';
+    display: block;
+    position: absolute;
+    right: 100%;
+    top: 0;
+    bottom: 0;
+    border-top: 15px solid transparent;
+    border-right: 20px solid #C8CABD;
+    border-bottom: 15px solid transparent;
+    border-left: 0px solid transparent;
+}
+
 /* padding voor registreer container */
 .login_containerregister {
     padding: 16px;
@@ -109,7 +135,7 @@ label {
 
 /* padding voor login_containers */
 .login_containerlogin {
-    padding: 16px;
+    padding:25px;
     text-align: center;
 }
 
@@ -133,11 +159,11 @@ label {
     background-repeat: repeat-x;
     background-attachment: fixed;*/
     box-shadow: 0 1px 3px rgba(0,0,0,0.12), 0 1px 2px rgba(0,0,0,0.24);
-    height: 53%;
+    height: 550px;
     margin: 34px auto;
     overflow-y: auto;
     padding: 20px;
-    width: 35%;
+    width: 50%;
 }
 
 /*.platform {
diff --git a/website/views/register-view.php b/website/views/register-view.php
index b95dd81..b69bc8e 100644
--- a/website/views/register-view.php
+++ b/website/views/register-view.php
@@ -123,13 +123,12 @@
                    value="Registreer uw account"
                    name="Submit"
                    id="frm1_submit">
-            Registreer uw account
+            Registreer
             </button>
         </div>
     </form>
-
-    <!-- Button for going back to login screen -->
     <div class="login_containerlogin">
-        <a href="https://myhyvesbookplus.nl/login.php" class="button">Login met een account</a>
+    <!-- Button for going back to login screen -->
+        <a href="https://myhyvesbookplus.nl/login.php" class="left-arrow">Login</a>
     </div>
 </div>